Secure Cloud Applications Research Articles

Best Practices to Implement and Pitfalls to Avoid in Cloud Application Security

This paper explores the importance of reevaluating the application security posture in the context of modern software development practices and the shift towards cloud computing. It highlights the challenges posed by the evolving threat landscape and emphasizes the need for a comprehensive and proactive security strategy. The paper also discusses various techniques and best practices for securing applications from the code level to the cloud environment, encompassing secure coding practices, and the effective utilization of cloud security services. By adopting a holistic approach to application security, organizations can mitigate risks and protect their applications and data throughout the software development lifecycle. Keywords: Application Security, Software Development, Cloud Computing, Secure Coding, Vulnerability Assessment, Penetration Testing, Cloud Security Services Proceedings Citation Format Oyitso, E.J. & Ordia, E.D. (2023): Best Practices to Implement and Pitfalls to Avoid in Cloud Application Security. Proceedings of the Cyber Secure Nigeria Conference. Nigerian Army Resource Centre (NARC) Abuja, Nigeria. 11-12th July, 2023. Pp 41-48. https://cybersecurenigeria.org/conference-proceedings/volume-2-2023/ dx.doi.org/10.22624/AIMS/CSEAN-SMART2023P6

SecIngress: An API gateway framework to secure cloud applications based on N-variant system

Based on the diversified technology and the cross-validation mechanism, the N-variant system provides a secure service architecture for cloud providers to protect the cloud applications from attacks by executing multiple variants of a single software in parallel and then checking their behaviors' consistency. However, it is complex to upgrade current Software as a Service (SaaS) applications to adapt N-variant system architecture. Challenges arise from the inability of tenants to adjust the application architecture in the cloud environment, and the difficulty for cloud service providers to implement N-variant systems using existing API gateways. This paper proposes SecIngress, an API gateway framework, to overcome the challenge that it is hard in the cloud environment to upgrade the applications based on N-variants system. We design a two-stage timeout processing method to lessen the service latency and an Analytic Hierarchy Process Voting under the Metadata mechanism (AHPVM) to enhance voting accuracy. We implement a prototype in a testbed environment and analyze the security and performance metrics before and after deploying the prototype to show the effectiveness of SecIngress. The results reveal that SecIngress enhances the reliability of cloud applications with acceptable performance degradation.

Cloud Application Security Based on Enhanced MD5 Algorithm

Cloud Application Security Based on Enhanced MD5 Algorithm

Efficient oblivious transfer construction via multiple bits dual-mode cryptosystem for secure selection in the cloud

ABSTRACTCloud computing is a promising paradigm to provide flexible and reliable services. Nevertheless, concern and anxiety about data security and tenants’ privacy are still a major barrier for the popularity of cloud computing. Oblivious transfer (OT) is a cryptographic primitive that enables a client to selectively retrieve data in a privacy-preserving manner. It can be used to construct high-level protocols enabling applications in the cloud-computing paradigm. Technically, it has been proven that OT protocols can be constructed using a CPA-secure public-key encryption scheme. Along these lines, Peikert et al. formulated a dual-mode cryptosystem on which they constructed a single-bit OT scheme. Obviously, it has deficiencies in performance, which makes it unqualified for use in cloud-computing scenarios. This paper aims at providing an efficient multi-bit OT scheme for secure cloud applications. We first propose a multi-bit dual-mode cryptosystem based on the learning with errors (LWE) problem. Based on this multi-bit dual-mode cryptosystem, we construct a multi-bit OT. We present details of the OT construction together with security analysis of our scheme, and finally provide an example of how it can be used in specific application scenarios.

Developing Dependable and Secure Cloud Applications

In this article, the authors analyze the security and dependability challenges for developing dependable and secure Cloud applications. They also provide an overview of their research and development that aims to ameliorate some of the obstacles.

Security-by-design in Clouds: A Security-SLA Driven Methodology to Build Secure Cloud Applications

This paper presents a security-by-design methodology for the development of cloud applications, which relies on Security SLAs as a means to express their security requirements. The process followed to build such Security SLAs entails the application of a risk analysis procedure aimed at identifying the main vulnerabilities affecting a cloud application and allows to determine the countermeasures to consider at design time in order to thwart the main existing threats.The paper illustrates a proof-of-concept application that founds on standard risk assessment tools and adopts state-of-art Security Control Frameworks and a novel Security SLA model for the security requirements representation.

Modeling security requirements for cloud‐based system development

SummaryThe Cloud Computing paradigm provides a new model for the more flexible utilization of computing and storage services. However, such enhanced flexibility, which implies outsourcing the data and business applications to a third party, may introduce critical security issues. Therefore, there is a clear necessity of new security paradigms able to face all the problems introduced by the cloud approach. Although, in the last years, several solutions have been proposed, the implementation of secure cloud applications and services is still a complex and far from consolidated task. Starting from these considerations, this work fosters the development of a methodology that considers security concerns as an integral part of cloud‐based applications design and implementation. Accordingly, we present a set of stereotypes that defines a vocabulary for annotating Unified Modeling Language based models with information relevant for integrating the specification of security requirements into cloud architectures. This approach can be used to significantly improve productivity and overall success in the development of secure distributed cloud applications and systems. Copyright © 2014 John Wiley & Sons, Ltd.

Novel Cloud Intelligent Defensive System [CIDS] Against Cyber Attacks Using Penetration Testing

Cloud application security is the most predominant issue in the present scenario of Cloud environment. Cloud application and cloud server attacks can create mayhem with the system within no time. In this paper, the consideration is towards the most vital cloud attacks that are devastating the cyber world such as DDoS, IP Spoofing, XSS (Cross Site Scripting) and SQL Injection. The proposed defensive system CIDS (Cloud based Intelligent Defensive System) is designed specifically with the goal of keeping the end user’s information Secure and providing uninterrupted Service. It monitors and controls the cloud server and the cloud applications against these cloud attacks. This defensive system is initiated by first exploiting the system to the attacks without damaging the valuable data by performing vulnerability assessment followed by penetration testing and the defensive system will safeguard cloud based services against these dreadful attacks. Keywords: Cloud Computing, Cross Site Scripting, DDoS, IP Spoofing, Penetration Testing, SQL Injection, Vulnerability Assessment

Designing a new programming language for building securecloud computing-based applications

Abstract In 2009, Carnegie Mellon Qatar, Qatar University, Texas A&M Qatar and IBM launched a joint research project on cloud computing. Cloud computing is a computing paradigm in which the computing resources, the software and the data are made available to the users as a service through the internet. In this paradigm, the software is no longer a standalone application installed on the user's platform, but resides on one or several servers. For instance, Google Docs is an office suite (word processor, spreadsheet and presentation) that can be used through a web browser. This new kind of application is a radical shift in the way we design, implement and deploy software. In this context, ensuring security becomes critical since a vulnerability in a cloud-based application may exposed data of all users using the service. Yet, developing secure cloud applications is complex because programmers are required to reason about distributed computation and to write code using heterogeneous languages, often not originally designed with distributed computing in mind. Testing is the common way to catch bugs and vulnerabilities as current technologies provide limited support. There are doubts this can scale up to meet the expectations of more sophisticated cloud-based applications. In this project, we have designed a type-safe programming language called “Qwesst”. We used it to express interaction patterns commonly found in distributed applications that go beyond current technologies. This language prevents the programmer from writing unsafe code that can lead to a cross site scripting attack, also called XSS attacks. An XSS attack enables an attacker to inject JavaScript code into a webpage. This is a severe vulnerability that has become the most widespread security breach in web-based applications. In the future, we plan to extend the language with new security features that will allow the programmer to control data dissemination and information flow.